SB2006030901 - Improper input validation in Linux kernel
Published: March 9, 2006
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper input validation (CVE-ID: CVE-2006-0742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc, has the 'noreturn' attribute set, which allows local users to cause a denial of service by causing user faults on Itanium systems. This vulnerability affects all versions of Linux kernel 2.6.x before 2.6.15.6, and may be exclusive to Itanium systems.
Remediation
Install update from vendor's website.
References
- ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
- http://secunia.com/advisories/19078
- http://secunia.com/advisories/19220
- http://secunia.com/advisories/19607
- http://secunia.com/advisories/20398
- http://secunia.com/advisories/20671
- http://secunia.com/advisories/20914
- http://secunia.com/advisories/21136
- http://secunia.com/advisories/21465
- http://secunia.com/advisories/21983
- http://secunia.com/advisories/22417
- http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
- http://www.debian.org/security/2006/dsa-1097
- http://www.debian.org/security/2006/dsa-1103
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.6
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:059
- http://www.novell.com/linux/security/advisories/2006-05-31.html
- http://www.osvdb.org/23660
- http://www.redhat.com/support/errata/RHSA-2006-0437.html
- http://www.redhat.com/support/errata/RHSA-2006-0575.html
- http://www.securityfocus.com/bid/16993
- http://www.vupen.com/english/advisories/2006/0856
- http://www.vupen.com/english/advisories/2006/2554
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25068
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10742
- https://usn.ubuntu.com/263-1/